I’m not sure if anyone has experienced this, but for a couple of days our website has been under very heavy DDoS Layer 7 attacks.
It’s not uncommon; we have got used to it, and we were able to protect our website with the help of Cloudflare protection, and with a few firewall rules set up we are all set.
But this time, over the last 24 hours, it was a ■■■■ for us unfortunately. Even though we have put firewall rules in place to captcha all countries except our own market country, we were able to observe millions of requests somehow going beyond Cloudflare and reaching our server from thousands of IPs in countries that have the captcha challenge active.
This was not the first time we have observed this, and we thought, taking into consideration the technology expansion, we blocked all countries except our marketing country. Guess what? The attacker was able to bypass that too…
I would like to mention that our server is not accessible from anything other than Cloudflare IPs, therefore there is not even a way to receive such attacks directly on our server IP, so that’s not the problem.
I just want to understand how they are able to bypass Cloudflare protection, whether anyone else has experienced this, and whether Cloudflare is taking action to mitigate this type of bypassing of their technology?
Example screenshot of the heavy DDoS: